Re: [Fed-Talk] Snow Leopard Mail Exchange integration a joke?
Re: [Fed-Talk] Snow Leopard Mail Exchange integration a joke?
- Subject: Re: [Fed-Talk] Snow Leopard Mail Exchange integration a joke?
- From: "Timothy J. Miller" <email@hidden>
- Date: Tue, 8 Sep 2009 10:28:51 -0500
On 9/8/2009 10:01 AM, Miller, Jason G. (MSFC-IS40)[LMIT - MSFC] wrote:
This is most likely not Apple's fault.
In Exchange 2007, Client-Access Servers do not support kerberos (by
design). They might support it in Exchange 2010.
That's not entirely true. The IMAP connector on the CAS supports Kerberos:
stovetop:~ tmiller$ telnet imccas1 143
Trying xxx.xxx.xxx.xxx...
Connected to imccas1.
Escape character is '^]'.
* OK The Microsoft Exchange IMAP4 service is ready.
C01 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN STARTTLS
IDLE NAMESPACE LITERAL+
C01 OK CAPABILITY completed.
(AUTH=GSSAPI is Kerberos.)
Now, the HTTP connector on the CAS may not support Kerberos, but that
would be a stupid design decision. All the more so because SPNEGO is
built right into the protocol stack.
> Another possibility
> is that ISA 2006 could front your CAS architecture to support kerberos
> and smart-card auth, but since ISA 2006 is still 32-bit, I probably
> wouldn't do that.
The web server on the CAS can do Kerberos Constrained Delegation (KCD)
as easily as ISA and for a heck of a lot less cost.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden